Skip to main content

Cisco IoT Field Network Director CVE-2026-20167

| EUVDEUVD-2026-27850 HIGH
Improper Access Control (CWE-284)
2026-05-06 cisco GHSA-48h9-c48p-4x99
7.7
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 17:31 vuln.today

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.

This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

AnalysisAI

Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely managed routers by submitting crafted requests through the web-based management interface. The vulnerability causes improper error handling that allows requesting unauthorized files from managed routers, forcing them to reload and creating a denial-of-service condition (CVSS 7.7, Changed Scope). No public exploit or active exploitation reported at time of analysis.

Technical ContextAI

Cisco IoT Field Network Director is an IoT operations platform for managing and monitoring field area network infrastructure, particularly in industrial environments. The vulnerability stems from CWE-284 (Improper Access Control) in the web management interface's file request handling mechanism. The Changed Scope (S:C) in the CVSS vector indicates the vulnerability exists in one component (IoT-FND) but impacts a separate resource (the managed routers), which is atypical for web-based DoS vulnerabilities and elevates the severity. The improper error handling fails to validate or restrict file access requests forwarded to managed devices, allowing low-privileged authenticated users to trigger unauthorized operations on downstream infrastructure components.

RemediationAI

Consult Cisco Security Advisory cisco-sa-iot-fnd-dos-n8N26Q4u at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u for vendor-released patches and exact fixed versions. Apply the latest IoT-FND software update as specified in the advisory. As interim mitigation, restrict web management interface access to trusted administrator IP addresses using firewall rules or access control lists, implement strict account privilege separation ensuring users have minimum necessary permissions (avoid granting low-privilege accounts any file access capabilities), and enable logging and alerting for unusual file request patterns or repeated router reload events. Note that restricting interface access may impact legitimate remote administration workflows. Deploy intrusion detection to monitor for crafted HTTP requests targeting file retrieval endpoints if patch deployment is delayed.

Share

CVE-2026-20167 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy